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The MAILING DATE of this communication appears on the cover sheet with the correspondence address - 
Period for Reply 

. A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) OR THIRTY (30) DAYS, 



WHICHEVER IS LONGER, FROM THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1 . 1 36(a). In no event, however, may a reply be timely filed 
after SIX (6) MONTHS from the mailing date of this communication. 

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 1 33). 
Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1 .704(b). 

Status 

1)^ Responsive to communication(s) filed on 05 January 2005 . 
2a)D This action is FINAL. ' 2b)^ This action is non-final. 

3) D Since this application is in condition for allowance except for formal matters, prosecution as to the merits is 

closed in accordance with the practice under Ex parte Quayle, 1935 CD. 11, 453 O.G. 213. 

Disposition of Claims 

4) ^ Claim(s) 1-55 is/are pending in the application. 

4a) Of the above claim(s) is/are withdrawn from consideration. 

5) D Claim(s) is/are allowed. 

6) ^ Claim(s) 1-55 is/are rejected. 

7) D Claim(s) is/are objected to. 

8) D Claim(s) are subject to restriction and/or election requirement. 

Application Papers 

9) (EI The specification is objected to by the Examiner. 

10)D The drawing(s) filed on is/are: a)D accepted or b)D objected to by the Examiner. 

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1 .85(a). 

Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d). 
11 )□ The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-152. 

Priority under 35 U.S.C. § 119 

12)D Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 1 19(a)-(d) or (f). 
a)D All b)D Some * c)D None of: 

1 .□ Certified copies of the priority documents have been received. 

2. Q Certified copies of the priority documents have been received in Application No. . 

3. Q Copies of the certified copies of the priority documents have been received in this National Stage 

application from the International Bureau (PCT Rule 17.2(a)). 
* See the attached detailed Office action for a list of the certified copies not received. 
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DETAILED ACTION 

1. Claims 1-55 are pending. 

Response to Arguments 

2. Applicant's arguments filed on 05 January 2005 with respect to claims 1-55 have 
been considered but are moot in view of the new ground(s) of rejection, Ramsdell, 
"S/MIME Version 3 Certificate Handling" and "UniCERT | Policy Support: Operational 
Controls". 

Allowable Subject Matter 

3. The indicated allowability of claims 1-55 filed on 15 April 2005 are withdrawn in 
view of the newly discovered reference(s) to Asad et al. (US Patent No. 6,725,240) in 
view of Ramsdell, "S/MIME Version 3 Certificate Handling" and in view of "UniCERT | 
Policy Support: Operational Controls". Rejections based on the newly cited reference(s) 
follow. 

Specification 

4. Applicant is reminded of the proper language and format for an abstract of the 
disclosure. 

The abstract should be in narrative form and generally limited to a single 
paragraph on a separate sheet within the range of 50 to 150 words. It is important that 
the abstract not exceed 150 words in length since the space provided for the abstract 
on the computer tape used by the printer is limited. The form and legal phraseology 
often used in patent claims, such as "means" and "said," should be avoided. The 
abstract should describe the disclosure sufficiently to assist readers in deciding whether 
there is a need for consulting the full patent text for details. 



Application/Control Number: 09/730,547 
Art Unit: 2137 



Page 3 



The language should be clear and concise and should not repeat information 
given in the title. It should avoid using phrases which can be implied, such as, "The 
disclosure concerns," "The disclosure defined by this invention," "The disclosure 
describes," etc. 

5. The abstract is more than the recommended 50 to 150 words in length. 
Appropriate correction is suggested. 

6. The disclosure is objected to because it contains an embedded hyperlink and/or 
other form of browser-executable code (See page 7 of the Specification). Applicant is 
required to delete the embedded hyperlink and/or other form of browser-executable 
code. See MPEP § 608.01. Appropriate correction is suggested. 

Claim Rejections - 35 USC § 112 

7. The following is a quotation of the second paragraph of 35 U.S.C. 1 12: 

The specification shall conclude with one or more claims particularly pointing out and distinctly 
claiming the subject matter which the applicant regards as his invention. 

8. Claims 8,9,28, and 29 are rejected under 35 U.S.C. 112, second paragraph, as 
being indefinite for failing to particularly point out and distinctly claim the subject matter 
which applicant regards as the invention. The claim language is vague and indefinite: "in 
accordance with X.500". 

9. Claims 12,31, 43, and 52 are rejected under 35 U.S.C. 112, second paragraph, 
as being indefinite for failing to particularly point out and distinctly claim the subject 
matter which applicant regards as the invention. The claim language (phrase) is vague 
and indefinite: "from time to time". 
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Claim Rejections - 35 USC § 103 

10. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

11. Claims 1-7,10-11 ,13-27,30,32-42,44-51, and 53-55 are rejected under 35 U.S.C. 
103(a) as being unpatentable over Asad et al. (US Patent No. 6,725,240) in view of 
Ramsdell "S/MIME Version 3 Certificate Handling" and in view of "UniCERT| Policy 
Support: Operational Controls. 

Regarding claims 1,37, and 46, Asad et al. discloses the invention substantially 
as claimed because Asad et al. teaches an apparatus and method for protecting against 
data tampering in audit subsystem, for creating and verifying audit logs in a relational 
database without compromising the ability to detect data tampering in a data processing 
system. Asad et al. does not disclose a record-user mapping or user-name addressable 
entity mapping. Asad et al. does not disclose maintaining a database having entries for 
all contact points for a certificate nor does Asad et al. disclose remote notification for 
each record that is to be performed. 

However, Ramsdell "S/MIME Version 3 Certificate Handling" teaches and 
suggest setting up a certificate database in its simplest form to a particular user and a 
certificate database would function in a similar way as an address book. (See page 6, 
first full paragraph) Ramsdell teaches and suggests a database containing contact 
information for each certificate. Ramsdell further teaches and suggests the alternative 
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name extension used in the S/MIME as the preferred means to convey the RFC-822 
email address (es) that correspond to the entity for this certificate. (See page 9, Section 
4.4.3) Ramsdell teaches and suggests that the contact information could be one or 
more email addresses corresponding to the certificate entity (e.g. owner (s)). Finally, 
Ramsdell teaches and suggests when processing certificates, there may be situations 
where the processing software should take immediate and noticeable steps to inform 
the end user about it (See page 10, first paragraph). Thus, although not directed to an 
audit, Ramsdell does teach and suggest that the "end user" be notified if problems with 
the certificate are discovered. (See page 10, first paragraph) 

It would have been obvious to one of ordinary skill in the art at the time the 
invention was made to have Asad et al. implement data tampering in addition to the 
audit system according to the S/MIME standards, thereby allowing the remote 
notification of records to be discovered by the end users. (See page 10, first paragraph) 

The combination of Asad et al. in view S/MIME does not teach the remote 
notification of an event by sending an email to all contact points notifying the owner(s) of 
an event. 

"UniCERT | Policy Support : Operational Controls" teaches that when a certificate 
reaches the end of its validity period, it can no longer be validated. The subject needs a 
new certificate, or at a minimum should be informed that their certificate has expired 
and they should apply for a new certificate. An email message to be sent to the end 
user, a configurable number of days before the certificate expires (Page 2, paragraph 
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entitled "Certificate Rollover") Thus, UniCERT specifically teaches and suggest the 
remote notification of a certificate event. 

It would have been obvious to one of ordinary skill in the art at the time the 
invention was made to combine UNiCERT and Ramsdell with Asad et al.'s teaching 
wherein the remote notification via email address(es) obtained from a certificate 
address book is sent to all recorded owners/aliases. 

As per claims 2,21,38, and 48, the combination of Asad et al. in view of Ramsdell 
and UniCERT) discloses the claimed limitation wherein maintaining the user name- 
addressable entity mapping from each user name to the respective addressable entity 
(See Ramsdell, page 5, Section 3) 

As per claims 3 and 22, the combination of Asad et al. in view of Ramsdell and 
UniCERT) discloses the claimed limitation wherein the user name-addressable entity 
mapping is a trusted mapping (See Ramsdell, page 6, first full paragraph) 

As per claims 4,23,39, and 49, the combination of Asad et al. in view of Ramsdell 
and UniCERT) discloses the claimed limitation wherein perform remote notification of 
records generated by a certificate management system, wherein obtaining from a user 
name-addressable entity mapping a respective addressable entity comprises obtaining 
a respective addressable entity from a respective certificate stored in a repository of 
published certificates (See Ramsdell, page 6, first full paragraph and UniCERT, page 2, 
paragraph entitled "Certificate Rollover") 

As per claims 13 and 32, the combination of Asad et al. in view of Ramsdell and 
UniCERT) discloses the claimed limitation wherein storing record reading parameters 
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(API) which determine circumstances under which the new set of records for processing 
is to be obtained, and obtaining the new set of records for processing in accordance 
with the record reading parameters (See Asad et al., Column 7, lines 4-10) 

As per claims 18,19, 20, 44, and 45, the combination of Asad et al. in view of 
Ramsdell and UniCERT) discloses the claimed limitation wherein: 

identifying at least one record identifier for which target audit record processing is 
to be performed, the target audit record processing comprising (See Asad et al., 
Column 8, lines 53-67, Column 9, lines 1-27) 

for each record identifier for which target audit record processing is to be 
performed reading from the associated record a target user name, obtaining from the 
user name-addressable entity mapping a respective addressable entity for the target 
user name and sending a notification of the record to the addressable entity (See 
Ramsdell, page 5, Section 3) 

As per claims 5,24,40, and 50, the combination of Asad et al. in view of Ramsdell 
and UniCERT) discloses the claimed limitation wherein the certificate management 
system comprises a PKI (Public Key Infrastructure) (See Ramsdell, page 1, Section 1) 

As per claims 6,25,26,41, and 47, the combination of Asad et al. in view of 
Ramsdell and UniCERT) discloses the claimed limitation wherein maintaining the 
repository of published certificates in which is stored for each of a plurality of a user 
names the respective certificate in which is identified the respective addressable entity 
(See Ramsdell, page 6, first full paragraph) 
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As per claims 7,27,42, and 51 , the combination of Asad et al. in view of Ramsdell 
and UniCERT) discloses the claimed limitation wherein the addressable entity is an E- 
mail address (See Ramsdell, page 5, Section 3) 

As per claim 10, the combination of Asad et al. in view of Ramsdell and 
UniCERT) discloses the claimed limitation wherein each certificate storing the 
respective addressable entity in a certificate extension field of the certificate (See 
Ramsdell, page 9, Section 4.4.2) 

As per claims 1 1 and 30, the combination of Asad et al. in view of Ramsdell and 
UniCERT) discloses the claimed limitation wherein storing the respective addressable 
entity in a certificate extension field of the certificate comprises storing the respective 
addressable entity in a subject alternative name extension (See Ramsdell, page 9, 
Section 4.4.3) 

As per claims 14,15,33 and 34, the combination of Asad et al. in view of 
Ramsdell and UniCERT) discloses the claimed limitation wherein comprising protecting 
each notification message by encryption and/or digital signature (See Ramsdell, page 7, 
Section 4.2) 

As per claims 16 and 35, the combination of Asad et al. in view of Ramsdell and 
UniCERT) discloses the claimed limitation wherein verifying authenticity of the 
respective certificate before sending the notification to the addressable entity obtained 
from the respective certificate (See UniCERT, page 2, paragraph entitled "Certificate 
Rollover") 
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As per claims 17 and 36, the combination of Asad et al. in view of Ramsdell and 
UniCERT) discloses the claimed limitation wherein maintaining an identification of a 
language of choice for each user name, before sending a notification to an addressable 
entity obtained for a particular user name, determining the particular user name's 
language of choice and including a translation of text in the notification message into the 
language of choice (See Ramsdell, page 5, Section 3) 

As per claims 53,54, 55, the combination of Asad et al. in view of Ramsdell and 
UniCERT) discloses the claimed limitation wherein instructions stored thereon for 
instructing a processing platform to implement a method (See Asad et al., Column 12, 
lines 17-24) 

Conclusion 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Courtney D. Fields whose telephone number is 571- 
272-3871. The examiner can normally be reached on Mon - Thurs. 6:00 - 4:00 pm; off 
every Friday. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Emmanuel Moise can be reached on 571-272-3865. The fax phone number 
for the organization where this application or proceeding is assigned is 703-872-9306. 
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Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). 
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SUPERVISORY PATENT EXAMINER 




